268471
|
- |
|
modern singapore
|
modern singapore
|
Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to defa…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0400
|
2011-03-8 12:04 |
2008-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268472
|
- |
|
hal_networks
|
perl__cgi_cart php_cart shop_hal_v1
|
Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2008-0522
|
2011-03-8 12:04 |
2008-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268473
|
- |
|
drupal
|
secure_site_module
|
Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated fr…
|
NVD-CWE-noinfo
|
CVE-2008-0568
|
2011-03-8 12:04 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268474
|
- |
|
drupal
|
comment_upload_module
|
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-0569
|
2011-03-8 12:04 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268475
|
- |
|
drupal
|
openid
|
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domain…
|
CWE-20
Improper Input Validation
|
CVE-2008-0570
|
2011-03-8 12:04 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268476
|
- |
|
drupal
|
userpoints_module
|
The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows…
|
CWE-352
Origin Validation Error
|
CVE-2008-0571
|
2011-03-8 12:04 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268477
|
- |
|
drupal
|
project_issue_tracking_module
|
Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in th…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0576
|
2011-03-8 12:04 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268478
|
- |
|
drupal
|
project_issue_tracking_module
|
The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlie…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-0577
|
2011-03-8 12:04 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268479
|
- |
|
apple
|
mac_os_x
|
X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access res…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-0037
|
2011-03-8 12:03 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268480
|
- |
|
apple
|
mac_os_x
|
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security res…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-0038
|
2011-03-8 12:03 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|